2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
This article explains the default permissions and hidden attributes of Linux files and directories. The method introduced here is simple, fast and practical.
01. File default permissions: umask
File permissions can be changed with chmod, but what permissions does a newly created file get by default? That is determined by umask, so let's learn this command.
1.1 simple use of umask
[root@iZbp13q6hd8z3xaagcmz6gZ /]# umask
0022
[root@iZbp13q6hd8z3xaagcmz6gZ /]# umask -S
u=rwx,g=rx,o=rx
There are two ways to check. One is to enter umask directly, which shows the setting in numeric form. The other is to add the -S option, which displays the permissions in symbolic form.
1.2 explain why there are four sets of numbers
File permissions are shown as ten characters: the first character represents the file type, and the remaining nine characters are divided into three groups, namely owner, group and others.
In the four numbers shown by umask, however, the first is for special permissions, and the last three are the permissions we need to learn here.
1.3 default permissions for files and directories
Default permissions differ between directories and files, because the x permission is very important for a directory: without x you cannot work in that directory. Files do not need this permission by default, because files are usually used to record data.
Default permissions for files: -rw-rw-rw-
Default permissions for directories: drwxrwxrwx
1.4 explain the meaning of umask numbers
The umask value specifies the permissions that are removed from these defaults.
Taking 0022 as an example: leaving the first digit aside, the second digit is 0, so no permissions are removed for user, while 2 (the w permission) is removed for both group and others. So when the user creates files and directories, the permissions are:
File: (-rw-rw-rw-) - (-----w--w-) = -rw-r--r--
Directory: (drwxrwxrwx) - (d----w--w-) = drwxr-xr-x
1.5 testing the reasoning from 1.4 in practice
The actual test proves that our reasoning is correct.
[root@iZbp13q6hd8z3xaagcmz6gZ learn]# umask
0022
[root@iZbp13q6hd8z3xaagcmz6gZ learn]# ll -d test*
-rw-r--r-- 1 root kaka 0 Aug 15 11:19 test1
drwxr-xr-x 2 root kaka 4096 Aug 15 11:19 test2
1.6 Utilization and importance of umask
Imagine that you and a colleague work in the same directory, and the files you create give your colleague only read access, not write access. Every time you create a file, you then have to modify its permissions. Without the umask command that was the only option, but with it the default can be set once.
Dealing with this problem is simple: we only need to ensure that newly created files get permission 664.
So our umask should be 002 instead of 022.
1.7 how to set up umask
Type umask followed directly by the numeric value.
[root@iZbp13q6hd8z3xaagcmz6gZ learn]# umask 002
[root@iZbp13q6hd8z3xaagcmz6gZ learn]# touch test; ll test
-rw-rw-r-- 1 root kaka 0 Aug 16 10:49 test
1.8 notes on umask default values
For security reasons, the default umask is 022 for root and 002 for other users.
Example 1: assuming that your umask is 003, what permissions do newly created files and directories get?
File: (-rw-rw-rw-) - (--------wx) = -rw-rw-r--
Directory: (drwxrwxrwx) - (d-------wx) = drwxrwxr--
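The subtraction above is done on the rwx letters bit by bit, not as ordinary arithmetic on the octal digits (666 - 003 would give 663, which is not what the system does). The following shell script is an added example, not part of the original article: the function names effective_mode and observed_mode are made up for illustration, and it assumes GNU stat and mktemp. It computes the result as base AND NOT umask and compares it with what is really created.

```bash
#!/usr/bin/env bash
# Added example: umask clears bits (mode = base & ~umask); it does not subtract.

# effective_mode BASE UMASK -> octal permission left after masking
# BASE is 666 for files and 777 for directories (the defaults from section 1.3).
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observed_mode KIND UMASK -> mode of a file (f) or directory (d) that is
# actually created under UMASK, inside a throwaway temporary directory.
observed_mode() {
    local kind=$1 mask=$2 tmp mode
    tmp=$(mktemp -d) || return 1
    (
        # The subshell keeps the umask change away from the calling shell.
        umask "$mask"
        if [ "$kind" = d ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
    )
    mode=$(stat -c '%a' "$tmp/t")
    rm -rf "$tmp"
    printf '%s\n' "$mode"
}

# Compare the computed and the observed result for the masks used in the article.
for mask in 022 002 003; do
    printf 'umask %s  file: %s (created: %s)  dir: %s (created: %s)\n' \
        "$mask" \
        "$(effective_mode 666 "$mask")" "$(observed_mode f "$mask")" \
        "$(effective_mode 777 "$mask")" "$(observed_mode d "$mask")"
done
```

With umask 003 the file comes out as 664, because the x bit being removed was never set in 666 in the first place.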
02. Hidden file attributes
In addition to the three rwx permissions, a file also has hidden attributes. Let's take a look at them below.
2.1 chattr sets hidden file attributes
+ : add a special parameter, while other existing parameters remain unchanged.
- : remove a special parameter, while other existing parameters remain unchanged.
= : set exactly the following parameters and no others.
Parameters:
a: when a is set, data can only be added to this file; existing data cannot be deleted or modified. Only root can set this attribute.
i: this i is very useful! It makes a file "cannot be deleted or renamed."
[root@iZbp13q6hd8z3xaagcmz6gZ learn]# chattr +a kaka.php
[root@iZbp13q6hd8z3xaagcmz6gZ learn]# lsattr kaka.php
-a-e-- kaka.php
2.2 View the hidden properties of the file
lsattr filename
2.3 note
Once a hidden attribute is set, no user can escape its effect, and that includes root.
03. File special privileges: SUID, SGID, SBIT
The three important file permissions are rwx, but when we look at directories we find that the permissions of some directories and files are a little strange. Let's take a look.
[root@iZbp13q6hd8z3xaagcmz6gZ /]# ls -ld tmp
drwxrwxrwt. 13 root root 4096 Aug 16 03:38 tmp
[root@iZbp13q6hd8z3xaagcmz6gZ /]# ls -l /usr/bin/passwd
-rwsr-xr-x. 1 root root 27832 Jun 10 2014 /usr/bin/passwd
Shouldn't file permissions be only rwx? Where do the special permissions t and s come from?
SUID
When the s flag appears in the x position of the file owner's permissions, as in -rwsr-xr-x for the passwd file, it is called Set UID, or the SUID special permission for short.
SUID permissions are valid only for binary programs
The executor needs to have executable permission of x for the program
This permission is valid only during the execution of the program
The executor will have the permissions of the owner of the program
To put it simply, the passwords of all accounts in Linux are recorded in the file /etc/shadow. The listing of this file is -1 root root 866 Aug 13 15:28 /etc/shadow, which means that only root can read this file and only root can force a write to it. Since only root can modify this file, can another user modify it? If we run the passwd command as another user, an ordinary user can of course change his or her own password.
Isn't that a bit contradictory? /etc/shadow obviously cannot be accessed by other users, so why can other users modify it? This is the function of SUID.
dmtsai has x permission for the program /usr/bin/passwd, which means that dmtsai can execute passwd.
The owner of passwd is root.
When dmtsai executes passwd, it will obtain the permissions of root "temporarily".
/etc/shadow can therefore be modified by the passwd that dmtsai executes.
But if dmtsai uses cat to read /etc/shadow, can he read it? cat does not have the SUID permission, so dmtsai cannot read /etc/shadow when executing "cat /etc/shadow".
Note: SUID is not valid for directories
SGID
SBIT
Since several privileges here will be described in detail later, I will only write this one here for the time being, and then I will come back to supplement it later.
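Because a SUID program runs with the permissions of its owner, it is worth knowing which programs on a system carry the bit. The following shell script is an added example, not part of the original article: the function names list_special and describe_mode are made up for illustration, and it assumes GNU find and stat. It lists regular files with SUID or SGID set and decodes the first digit of a four-digit mode (section 1.2) into SUID, SGID and SBIT.

```bash
#!/usr/bin/env bash
# Added example: audit which files carry special permission bits.

# list_special DIR -> one line per regular file under DIR that has SUID (4000)
# or SGID (2000) set, printed as "<octal mode> <owner> <path>".
# Only regular files are checked, since SUID is not valid for directories.
list_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U %n' {} + | sort
}

# describe_mode MODE -> names of the special bits set in an octal mode,
# for example 4755 -> SUID and 1777 -> SBIT. Prints an empty line if none.
describe_mode() {
    local m=$(( 0$1 )) out=""
    [ $(( m & 04000 )) -ne 0 ] && out="$out SUID"
    [ $(( m & 02000 )) -ne 0 ] && out="$out SGID"
    [ $(( m & 01000 )) -ne 0 ] && out="$out SBIT"
    printf '%s\n' "${out# }"
}

# Example run: list the special-permission programs in one directory
# (defaults to /usr/bin, where the article found passwd).
list_special "${1:-/usr/bin}" | while read -r mode owner path; do
    printf '%-5s %-10s %-10s %s\n' "$mode" "$owner" "$(describe_mode "$mode")" "$path"
done
```

Entries owned by root are the ones to review first, since anyone allowed to execute them temporarily gets root's permissions.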